To get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during the test, but I would like this to be repeatable. So, this blog is releasing Swapper, a regex pattern-based match/replace Burp Suite extension.

The post Swapper – A Pure Regex Match/Replace Burp Extension appeared first on Black Hills Information Security, Inc..

This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.

The post A Practical Guide to BloodHound Data Collection appeared first on Black Hills Information Security, Inc..

The computer networking field is broad, encompassing many focus areas similar to cybersecurity. If you’re new to the field or just interested in networking, knowing where to start can be challenging. Searching for a network engineer position on any job listing site will yield thousands of results, and no two job descriptions will be the same.

The post Network Engineering Basics appeared first on Black Hills Information Security, Inc..

An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.

The post Signed, Trusted, and Abused: Proxy Execution via WebView2 appeared first on Black Hills Information Security, Inc..

Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.

The post Getting Started In Pentesting – Advice From The BHIS Pentest Lead appeared first on Black Hills Information Security, Inc..

This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.

The post Cloud Security: Tips and Resources for Securing the Cloud appeared first on Black Hills Information Security, Inc..

Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented.

The post Lessons From A Chatbot Incident appeared first on Black Hills Information Security, Inc..

Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations.

The post How to Lead Effective Tabletops appeared first on Black Hills Information Security, Inc..

“GRC” isn’t all witchcraft and administrative nonsense — it’s the core that drives security initiatives, connects security spend to business outcomes, and powers a well-functioning security team.

The post Understanding GRC: How to Navigate Risks and Compliance Standards appeared first on Black Hills Information Security, Inc..

Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.

The post The “P” in PAM is for Persistence: Linux Persistence Technique appeared first on Black Hills Information Security, Inc..

Malware analysis is an amazing field that can be interesting, fun, and useful for your cybersecurity career. If you’re wondering WHY anyone would want to dig into malware, it’s all for a better understanding of cybersecurity!

The post Malware Analysis: How to Analyze and Understand Malware appeared first on Black Hills Information Security, Inc..

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).

The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc..

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?

The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc..

Hear a tale about the time the BHIS SOC team conducted a 14-hour overnight incident response... from the Wild West Hackin' Fest conference in Deadwood, South Dakota.

The post When the SOC Goes to Deadwood: A Night to Remember  appeared first on Black Hills Information Security, Inc..

This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks.

The post Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions  appeared first on Black Hills Information Security, Inc..

In today’s interconnected digital world, information security has become a critical concern for individuals, businesses, and governments alike. Cyber threats, which encompass a wide range of malicious activities targeting information systems, pose significant risks to the confidentiality, integrity, and availability of data.

The post Common Cyber Threats appeared first on Black Hills Information Security, Inc..

This blog is for anyone who is interested in finding a good penetration testing company.

The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..

Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.

The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..

By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client’s […]

The post The Curious Case of the Comburglar appeared first on Black Hills Information Security, Inc..

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..